Ubuntu Update For PostgreSQL Vulnerabilities USN-876-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-876-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-4034) It was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate priviliges within PostgreSQL. (CVE-2009-4136)

Affected

PostgreSQL vulnerabilities on Ubuntu 6.06 LTS , Ubuntu 8.04 LTS , Ubuntu 8.10 , Ubuntu 9.04 , Ubuntu 9.10

Severity

Classification

CVE CVE-2009-4034, CVE-2009-4136

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for dnsmasq vulnerability USN-627-1
Ubuntu Update for apache2 vulnerabilities USN-575-1
Ubuntu Update for apache2 USN-1259-1
Ubuntu Update for curl USN-2048-2
Ubuntu Update for clamav vulnerability USN-684-1

Ubuntu Update for PostgreSQL vulnerabilities USN-876-1

Take action and discover your vulnerabilities